漏洞 Vulnerability Citrix修复Workspace App高危漏洞 https://us-cert.cisa.gov/ncas/current-activity/2020/07/23/citrix-releases-security-updates-workspace-app-windows CVE-2020-3452：Cisco ASA/FTD 任意文件读取漏洞通告 https://www.anquanke.com/post/id/211543 安全工具 Security Tools Kali-Linux-Tools-Interface – 为方便使用安全工具而开发的图形网页界面 https://www.kitploit.com/2020/07/kali-linux-tools-interface-graphical.html 安全资讯 Security Information twitter黑客获取了36个知名账户的私人信息 https://www.bleepingcomputer.com/news/security/twitter-hackers-read-private-messages-of-36-high-profile-accounts/ 正在直播 | MOSEC移动安全技术峰会 2020 https://www.anquanke.com/post/id/211605 安全研究 Security Research mcafee对WSL的研究 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/hunting-for-blues-the-wsl-plan-9-protocol-bsod/ 唯快不破的分块传输绕WAF https://www.anquanke.com/post/id/211455 MMS Exploit Part 2: 有效对Qmage Codec进行fuzz https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-2-effective-fuzzing-qmage.html Zoom 5.1.2及旧版本在Win7上的DLL劫持漏洞分析 https://www.anquanke.com/post/id/211615 逆向分析微软IFEO镜像劫持从ring3到ring0的实现机理 https://www.anquanke.com/post/id/211497 RangeAMP：利用CDN+Range请求进行的HTTP放大攻击 https://www.secpulse.com/archives/136049.html Pwn2Own Miami上利用5个漏洞攻破Rockwell FactoryTalk HMI https://www.thezdi.com/blog/2020/7/22/chaining-5-bugs-for-code-execution-on-the-rockwell-factorytalk-hmi-at-pwn2own-miami